Why It Matters
Connecticut drivers enrolled in ignition interlock programs are among those affected by a significant cyberattack targeting a major breathalyzer technology company, raising serious concerns about data security within the state’s court-ordered monitoring system. The breach exposes sensitive personal information belonging to individuals who were legally required to use the devices, leaving many with limited ability to opt out of the data collection that put them at risk.
For Connecticut residents, the incident highlights growing vulnerabilities in the third-party vendors that state law enforcement and court systems rely on to monitor drivers convicted of DUI-related offenses.
What Happened
A cyberattack on a breathalyzer technology company has swept up Connecticut drivers who were required by courts to use ignition interlock devices as a condition of maintaining their driving privileges. The breach was reported in March 2026, with the story first published by Connecticut Public and CT Mirror on March 23, 2026.
Ignition interlock devices are installed in the vehicles of drivers convicted of driving under the influence. The systems require a driver to submit a breath sample before the vehicle will start, and the data — including test results, timestamps, and location information — is transmitted to the device’s manufacturer and monitored by state authorities.
Because participation in these programs is court-mandated rather than voluntary, affected Connecticut drivers had no choice in whether their personal and biometric data was stored by the company that was subsequently attacked. The nature of the data involved makes the breach particularly sensitive, as it includes information tied to legal proceedings and ongoing court supervision.
By the Numbers
Thousands of Connecticut drivers are enrolled in the state’s ignition interlock program at any given time, as the devices are a standard requirement for DUI convictions and license reinstatement. Nationally, ignition interlock programs are active in all 50 states, covering an estimated 350,000 or more drivers at any one time, according to industry and advocacy data.
Cyberattacks on companies that handle sensitive government-adjacent data have increased sharply in recent years. According to federal cybersecurity agencies, ransomware and data theft incidents targeting private contractors working within the criminal justice and law enforcement sector rose by more than 40 percent between 2021 and 2024.
Ignition interlock vendors collect and store a wide range of data points per user, potentially including hundreds of breath test readings, GPS location logs, and photographic records captured during testing — all of which may have been exposed in this breach.
Zoom Out
The Connecticut case reflects a broader national pattern of cyberattacks targeting companies that serve as data intermediaries between individuals and government agencies. When private vendors are breached, the people most exposed are often those who had no meaningful choice about their participation — including individuals under court supervision.
Similar incidents have occurred in other states in recent years. In 2023, a data breach affecting a criminal justice software vendor exposed records tied to probation and parole systems across multiple states. In each case, the affected individuals faced compounded harm: the original legal consequences that brought them into contact with monitoring systems, followed by the loss of control over their private data.
The ignition interlock industry itself is a multibillion-dollar sector, with a small number of major vendors supplying equipment to state programs nationwide. That consolidation means a single successful cyberattack can have cascading consequences across many states simultaneously, amplifying the scale of any individual breach.
Policymakers and cybersecurity experts have increasingly called for stronger federal standards governing how criminal justice vendors store and protect user data, but comprehensive federal legislation specifically addressing this sector has not yet passed.
What’s Next
Connecticut drivers affected by the breach are expected to be notified in accordance with the state’s data breach notification laws, which require companies to inform residents whose personal information has been compromised. The state’s Department of Motor Vehicles and court system may issue guidance to individuals currently enrolled in the ignition interlock program regarding steps they can take to protect their information.
Lawmakers and advocates in Connecticut may push for stronger oversight requirements on third-party vendors used within the state’s criminal justice infrastructure, including minimum cybersecurity standards and more frequent auditing of data protection practices.
Federal agencies, including the Cybersecurity and Infrastructure Security Agency, may also examine the incident as part of broader efforts to address vulnerabilities in vendors serving law enforcement and court systems. Affected drivers should monitor official communications from the company and Connecticut state agencies for updates on the scope of the breach and available remedies.